Dwaine Bailey
Reputation: 410
SQLITE and iPhone Input Sanitisation
We are making our very first iPhone game, and if the user gets a high score then we need to let them enter their name to store it in the high-scores database inside the app.
What I was wondering is how do we go about sanitising the input on the iPhone. Obviously we don't want them dropping tables when inputting their name!
Can anybody please offer any advice or a push in the right direction?
Thanks, Dwaine
Upvotes: 0
Views: 405
Answers (1)
Don
Reputation: 3684
At the very least, you should be using parameterized queries.
For example:
sqlite3_reset(insertStatement);
sqlite3_bind_text(insertStatement, 1, [userInput UTF8String], -1, SQLITE_TRANSIENT);
if(SQLITE_DONE != sqlite3_step(insertStatement))
{
//handle error
//etc...
You could also use Core Data and rely on it to handle the implementation details. That'd be my recommendation.
Upvotes: 1
Related Questions
- Is sqlite3_bind_text sufficient to prevent SQL injection on the iPhone
- Sanitizing SQLite Input
- Sanitizing Strings before inserting to DB
- Sanitizing input with C++
- Does the Android SQLite implementation sanitize input via the SQLiteDatabase.insert() method?
- how to sanitize data in sqlite3 column
- SQLite Security in iOS
- How to sanitize database inputs in C or Objective-C?
- Safely inserting data into SQLite database with apostrophe
- Prevent sqlite INJECTION ATTACKS on your own iPhone?